
Rebhip Worm deleted, but I got internet disconnections.


This topic is locked
5 replies to this topic

#1 Aviv.A

  • Members
  • 4 posts

Posted 01 March 2014 - 08:07 AM

Hello. I have been facing a problem since 27/02/14, when I downloaded by mistake a file that contains a Rebhip worm. The file is: ( hxxs: //anonfiles.com/ file/3bd31efe4f2aa020c1913d8ed41f7b53 ) WARNING: IT CONTAINS A REBHIP VIRUS. IT IS ONLY GIVEN TO THE MODERATORS / USERS FOR THEM TO SCAN IT / LOOK AT WHAT IT DOES.
I have an analysis report of this program: http://anubis.iseclab.org/?action=result&task_id=112dd69927cf3393479eb62ae7b3a7ec7&format=html#idp1086144
I did successfully get it removed from my PC, but now I have internet disconnections: the internet disconnects every 3 minutes, and I don't really know if I deleted the worm entirely. Please help me. I am trying my best here and I can't fix it by myself :(. I have made a scan with Windows Defender and it found nothing, but I did a scan with HijackThis and it found stuff:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:57:50, on 01/03/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)

FIREFOX: 27.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ad Muncher\AdMunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Aviv.A\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MKLOL] "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
O4 - HKCU\..\Run: [Spotify] "C:\Users\Aviv.A\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Aviv.A\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: devenv.bat
O4 - Startup: Dropbox.lnk = C:\Users\Aviv.A\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: GamersFirst LIVE!.lnk = C:\Users\Aviv.A\AppData\Local\GamersFirst\LIVE!\Live.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: WSIEChrome - {6D02ED5F-FD0D-4C4C - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apache2.2-Zend - Apache Software Foundation - C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MySQL_ZendServer55 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zend Deployment (ZendDeployment) - Zend Technologies Ltd. - C:\Program Files (x86)\Zend\ZendServer\bin\zdd.exe
O23 - Service: Zend Job Queue  (ZendJobQueue) - Zend Technologies Ltd - C:\Program Files (x86)\Zend\ZendServer\bin\jqd.exe
O23 - Service: Zend Monitor (ZendMonitor) - Zend Technologies Ltd. - C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe
O23 - Service: Zend Server Daemon (ZendServerDaemon) - Zend Technologies Ltd. - C:\Program Files (x86)\Zend\ZendServer\bin\zsd.exe
O23 - Service: Zend Session Clustering (ZendSessionClustering) - Zend Technologies Ltd - C:\Program Files (x86)\Zend\ZendServer\bin\scd.exe

--
End of file - 9687 bytes

The "Unknown owner" files are the ones created by this worm, and I can't seem to fix it: whenever I click on "Fix Checked" and restart, it just heals itself and the problem comes back.

What can I do about this? Please guide me.. I'm lost here :'(

Edited by Queen-Evie, 01 March 2014 - 08:43 AM.
disabled link. moved from AII to appropriate forum. HJT logs are allowed only in MRL




#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 01 March 2014 - 09:12 AM

Hi,
 

The owner unknown files are the ones created by this worm.

No, they are not! These are legit (system-) files that HJT cannot read out properly because HJT is not able to handle 64-bit systems. Stop fixing them. :)

Run a FRST scan instead:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
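One way to apply that point in practice, as an added example that is not part of this thread or of either tool: a Python triage script that parses the HijackThis O23 service lines and FRST service lines quoted in this thread (copied here as constructed sample input) and labels the "Unknown owner ... (file missing)" entries as the 32-bit-scanner artifact rather than as the worm, confirming the label where FRST's 64-bit view resolves the same file. The verdict names, the `_canon` path folding and the `triage` function are my own.

```python
import re

# Constructed sample input, copied from the HijackThis and FRST logs quoted in this thread:
# the 32-bit HJT O23 service lines and the FRST (64-bit) service lines that match them.
HJT_O23 = r"""
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
""".strip().splitlines()

FRST_SERVICES = r"""
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-11-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
""".strip().splitlines()

O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                    r"(?P<missing> \(file missing\))?$")
FRST_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<short>[^;]+); (?P<path>.+?) "
                     r"\[\d+ [\d-]+\] \((?P<publisher>.*)\)$")
SHORT_RE = re.compile(r"\((?P<short>[^()]+)\)$")   # service short name ends the display name


def parse_o23(line):
    """Parse one HijackThis O23 line into {short, owner, path, missing}; None if not O23."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display = m.group("display")
    s = SHORT_RE.search(display)
    return {"short": s.group("short") if s else display,
            "owner": m.group("owner"),
            "path": m.group("path"),
            "missing": m.group("missing") is not None}


def parse_frst_service(line):
    """Parse one FRST 'Services (Whitelisted)' line into {state, short, path, publisher}."""
    m = FRST_RE.match(line.strip())
    return m.groupdict() if m else None


def _canon(path):
    """Fold the 32-bit and 64-bit views of one file onto the same string: a 32-bit process
    expands %ProgramFiles% to 'Program Files (x86)' and has system32 redirected to SysWOW64."""
    p = path.lower()
    p = p.replace("c:\\program files (x86)\\", "c:\\program files\\")
    p = p.replace("c:\\windows\\syswow64\\", "c:\\windows\\system32\\")
    return p


def classify(entry, frst_by_short, host_is_x64=True):
    """Label an HJT O23 entry. On a 64-bit host a 32-bit HijackThis cannot see 64-bit-only
    system binaries, so 'Unknown owner ... (file missing)' under system32 or
    Program Files (x86) is a scanner artifact, not evidence of the worm."""
    p = entry["path"].lower()
    frst = frst_by_short.get(entry["short"].lower())
    if frst and _canon(frst["path"]) == _canon(entry["path"]):
        if entry["missing"]:
            return "confirmed_wow64_artifact"      # FRST's 64-bit view found the same file
        return "present_known_owner" if frst["publisher"] else "present_unsigned_review"
    if entry["missing"] and host_is_x64 and (p.startswith("c:\\windows\\system32\\")
                                             or p.startswith("c:\\program files (x86)\\")):
        # FRST whitelists known Microsoft services, so most of these have no FRST line to match
        return "likely_wow64_artifact"
    if entry["missing"]:
        return "missing_review"                   # genuinely absent image: worth a look
    return "present_unverified" if entry["owner"] == "Unknown owner" else "present_known_owner"


def triage(hjt_lines, frst_lines, host_is_x64=True):
    """Map each HJT service short name to a verdict, cross-checked against FRST output."""
    frst_by_short = {}
    for line in frst_lines:
        f = parse_frst_service(line)
        if f:
            frst_by_short[f["short"].lower()] = f
    verdicts = {}
    for line in hjt_lines:
        e = parse_o23(line)
        if e:
            verdicts[e["short"]] = classify(e, frst_by_short, host_is_x64)
    return verdicts


if __name__ == "__main__":
    for short, verdict in triage(HJT_O23, FRST_SERVICES).items():
        print(f"{short:12} {verdict}")
```

For the sample lines this reports the system32 and Windows Defender entries as WOW64 artifacts and leaves PnkBstrA (present in SysWOW64, no publisher) for a manual look.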


#3 Aviv.A

  • Topic Starter
  • Members
  • 4 posts

Posted 01 March 2014 - 09:32 AM

Oh, okay. Thank you for replying. What might make my internet disconnect then? Because the disconnections started after I got this worm, and these are slight disconnections: I mean a drop of internet for 3-5 seconds every 3-5 minutes when I'm playing any game. When I'm browsing websites, they are sometimes very slow and sometimes it shows that they are offline when they are not. The logs are:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
Ran by Aviv.A (administrator) on AVIV_AMAR on 01-03-2014 16:28:30
Running from C:\Users\Aviv.A\Downloads
Windows 8.1 Pro (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Apache Software Foundation) C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Apache Software Foundation) C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(The PHP Group) C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Zend Technologies Ltd.) C:\Program Files (x86)\Zend\ZendServer\bin\zdd.exe
(Zend Technologies Ltd.) C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe
(Zend Technologies Ltd.) C:\Program Files (x86)\Zend\ZendServer\bin\zsd.exe
(Zend Technologies Ltd.) C:\Program Files (x86)\Zend\ZendServer\bin\scd.exe
(The PHP Group) C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(The PHP Group) C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Apache Software Foundation) C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad Muncher] - C:\Program Files (x86)\Ad Muncher\AdMunch.exe [595144 2014-01-03] (Murray Hurps Software Pty Ltd)
HKU\S-1-5-21-4193273495-71706258-2120174863-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKU\S-1-5-21-4193273495-71706258-2120174863-1001\...\Run: [MKLOL] - C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [754888 2014-02-17] (MK)
HKU\S-1-5-21-4193273495-71706258-2120174863-1001\...\Run: [Spotify] - C:\Users\Aviv.A\AppData\Roaming\Spotify\Spotify.exe [4728320 2013-09-25] (Spotify Ltd)
HKU\S-1-5-21-4193273495-71706258-2120174863-1001\...\Run: [Spotify Web Helper] - C:\Users\Aviv.A\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKU\S-1-5-21-4193273495-71706258-2120174863-1001\...\MountPoints2: {8af2a694-a74a-11e2-be6f-d43d7e535a61} - "H:\LaunchU3.exe" -a
Startup: C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aviv.A\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Aviv.A\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C2C56603DF1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.7,he;q=0.3
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Tcpip\Parameters: [DhcpNameServer] 192.117.235.235 62.219.186.7

FireFox:
========
FF ProfilePath: C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default
FF NetworkProxy: "http", "80.246.2.33"
FF NetworkProxy: "http_port", 8082
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kuaiyong.yrtd.com,version=1.0.1.1 - C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: CloudShare plugin for Firefox - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\itst-firefox-plugin@itstructures.com [2013-04-15]
FF Extension: ColorZilla - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013-11-06]
FF Extension: Live HTTP Headers - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-04-15]
FF Extension: Charset Switcher - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\charsetswitcher@moztw.org.xpi [2013-04-15]
FF Extension: DownThemAll! Scheduler - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\dtaScheduler@forboden.com.xpi [2013-04-15]
FF Extension: Firebug - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-15]
FF Extension: MEGA - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\firefox@mega.co.nz.xpi [2013-11-15]
FF Extension: View Cookies - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-04-15]
FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2013-04-15]
FF Extension: Web Developer - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-04-15]
FF Extension: Adblock Plus - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-15]
FF Extension: DownThemAll! - C:\Users\Aviv.A\AppData\Roaming\Mozilla\Firefox\Profiles\saj8iejk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-15]

==================== Services (Whitelisted) =================

R2 Apache2.2-Zend; C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe [27680 2013-07-03] (Apache Software Foundation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MySQL_ZendServer55; C:\Program Files (x86)\Zend\MySQL55\my.ini [8913 2013-09-26] ()
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5161056 2014-02-03] (INCA Internet Co., Ltd.)
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-11-17] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZendDeployment; C:\Program Files (x86)\Zend\ZendServer\bin\zdd.exe [1000872 2013-07-03] (Zend Technologies Ltd.)
S2 ZendJobQueue; C:\Program Files (x86)\Zend\ZendServer\bin\jqd.exe [1001896 2013-07-03] (Zend Technologies Ltd.)
R2 ZendMonitor; C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe [539560 2013-07-03] (Zend Technologies Ltd.)
R2 ZendServerDaemon; C:\Program Files (x86)\Zend\ZendServer\bin\zsd.exe [1367976 2013-07-03] (Zend Technologies Ltd.)
R2 ZendSessionClustering; C:\Program Files (x86)\Zend\ZendServer\bin\scd.exe [933800 2013-07-03] (Zend Technologies Ltd.)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-18] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 00:37 - 2014-03-02 00:37 - 00000000 _____ () C:\Recovery.txt
2014-03-01 16:28 - 2014-03-01 16:28 - 00016609 _____ () C:\Users\Aviv.A\Downloads\FRST.txt
2014-03-01 16:28 - 2014-03-01 16:28 - 00000000 ____D () C:\FRST
2014-03-01 16:27 - 2014-03-01 16:27 - 02155520 _____ (Farbar) C:\Users\Aviv.A\Downloads\FRST64.exe
2014-03-01 15:12 - 2014-03-01 15:12 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Malwarebytes
2014-03-01 15:11 - 2014-03-01 15:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 15:11 - 2014-03-01 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 15:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-01 15:10 - 2014-03-01 15:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aviv.A\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-01 13:11 - 2014-03-02 00:49 - 00000000 ____D () C:\Users\Aviv.A\Downloads\backups
2014-03-01 13:04 - 2014-03-01 14:57 - 00009688 _____ () C:\Users\Aviv.A\Downloads\hijackthis.log
2014-02-28 23:33 - 2014-02-28 23:33 - 02929127 _____ () C:\Users\Aviv.A\Downloads\Angel Processor v145.2.1_mpgh.net.rar
2014-02-27 00:58 - 2014-02-28 13:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-27 00:56 - 2014-02-27 00:56 - 02720895 _____ () C:\Users\Aviv.A\Downloads\processhacker-2.33-bin.zip
2014-02-27 00:56 - 2014-02-27 00:56 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Process Hacker 2
2014-02-26 23:59 - 2014-02-26 23:59 - 01243588 _____ () C:\Users\Aviv.A\Downloads\ProcessExplorer(1).zip
2014-02-26 00:34 - 2014-03-02 00:50 - 00000000 ____D () C:\Program Files (x86)\PixtopianBook
2014-02-25 13:24 - 2014-02-25 13:24 - 02001053 _____ () C:\Users\Aviv.A\Downloads\odbg201h.zip
2014-02-24 15:53 - 2014-02-24 15:53 - 06965278 _____ () C:\Users\Aviv.A\Downloads\odbg201.zip
2014-02-23 20:29 - 2014-02-23 20:29 - 07190388 _____ () C:\Users\Aviv.A\Downloads\GG bypass.7z
2014-02-23 19:33 - 2014-02-23 19:33 - 07214107 _____ () C:\Users\Aviv.A\Downloads\a(2).zip
2014-02-23 18:44 - 2014-02-23 18:47 - 146044502 _____ () C:\Users\Aviv.A\Downloads\snd-reversingwithlena-tutorials.rar
2014-02-23 13:13 - 2014-02-23 13:13 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-02-23 13:11 - 2014-02-23 13:11 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\JustDecompile
2014-02-23 13:10 - 2014-02-23 13:10 - 00000000 ____D () C:\ProgramData\Telerik
2014-02-23 13:10 - 2014-02-23 13:10 - 00000000 ____D () C:\Program Files (x86)\Telerik
2014-02-23 13:08 - 2014-02-23 13:08 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Telerik
2014-02-23 13:08 - 2014-02-23 13:08 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Telerik_AD
2014-02-23 13:08 - 2014-02-23 13:08 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\IsolatedStorage
2014-02-23 13:07 - 2014-02-23 13:07 - 03363056 _____ (Telerik AD) C:\Users\Aviv.A\Downloads\TelerikJustDecompileSetup_2014.1.117.0.exe
2014-02-23 13:06 - 2014-02-23 13:06 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Red Gate .NET Reflector 8.2.0.7
2014-02-23 13:02 - 2014-02-23 13:03 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\JetBrains
2014-02-23 13:02 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\SymbolSourceSymbols
2014-02-23 13:02 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\RefSrcSymbols
2014-02-23 13:02 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\JetBrains
2014-02-23 13:01 - 2014-02-23 13:01 - 29220864 _____ () C:\Users\Aviv.A\Downloads\dotPeekSetup-1.1.1.33.msi
2014-02-23 02:44 - 2014-02-23 02:44 - 06346233 _____ () C:\Users\Aviv.A\Downloads\hsh2hs.7z
2014-02-23 02:38 - 2014-02-23 02:38 - 00198944 _____ () C:\Users\Aviv.A\Downloads\Velociraptor.7z
2014-02-23 02:17 - 2014-02-23 02:17 - 00087175 _____ () C:\Users\Aviv.A\Downloads\Extreme-Injector.rar
2014-02-23 01:07 - 2014-02-23 01:07 - 00221457 _____ () C:\Users\Aviv.A\Downloads\nProtect.gameguard.Unhider.rar
2014-02-23 01:06 - 2014-02-23 01:06 - 00766071 _____ () C:\Users\Aviv.A\Downloads\TotalInjector_1.7.rar
2014-02-20 19:55 - 2014-02-03 22:41 - 05161056 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2014-02-20 19:49 - 2014-02-20 19:49 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drift City
2014-02-19 16:21 - 2014-02-19 16:21 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Need for Speed World
2014-02-19 16:11 - 2014-03-02 00:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-19 16:10 - 2014-02-19 16:10 - 06400680 _____ (Electronic Arts ) C:\Users\Aviv.A\Downloads\setup_nfsw.exe
2014-02-17 21:53 - 2014-02-17 21:53 - 00111235 _____ () C:\Users\Aviv.A\Downloads\Defeating and Emulating INCA's nProtect GameGuard_[www.unknowncheats.me]_.rar
2014-02-16 19:47 - 2014-02-16 19:47 - 00000000 ____D () C:\Program Files\DRK
2014-02-16 19:42 - 2014-02-16 19:42 - 07419904 _____ () C:\Users\Aviv.A\Downloads\Daphne_setup_x64.msi
2014-02-16 19:36 - 2014-02-16 19:36 - 01243588 _____ () C:\Users\Aviv.A\Downloads\ProcessExplorer.zip
2014-02-16 13:31 - 2014-02-17 13:54 - 05019048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-15 22:09 - 2014-03-01 16:23 - 01169373 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-15 21:42 - 2013-12-09 02:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-15 21:42 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-15 21:42 - 2013-11-27 17:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-15 21:42 - 2013-11-27 17:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-15 21:42 - 2013-11-27 16:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-15 21:42 - 2013-11-27 15:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-15 21:42 - 2013-11-27 14:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-15 21:42 - 2013-11-27 12:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-15 21:42 - 2013-11-27 12:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-15 21:42 - 2013-11-27 12:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-15 21:42 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-15 21:42 - 2013-11-27 11:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-15 21:42 - 2013-11-27 11:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-15 21:42 - 2013-11-27 11:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-15 21:42 - 2013-11-27 10:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-15 21:42 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-15 21:42 - 2013-11-27 06:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-15 21:42 - 2013-11-26 15:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-15 21:42 - 2013-11-26 15:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-15 21:42 - 2013-11-26 15:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-15 21:42 - 2013-11-26 15:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-15 21:42 - 2013-11-26 13:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-15 21:42 - 2013-11-26 13:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-15 21:42 - 2013-11-26 13:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-15 21:42 - 2013-11-26 12:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-15 21:42 - 2013-11-26 11:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-15 21:42 - 2013-11-26 10:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-15 21:42 - 2013-11-25 03:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-15 21:42 - 2013-11-25 03:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-15 21:42 - 2013-11-25 01:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-15 21:42 - 2013-11-25 01:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-15 21:42 - 2013-11-23 14:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-15 21:42 - 2013-11-23 13:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-15 21:42 - 2013-11-23 10:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-15 21:42 - 2013-11-23 09:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-15 21:42 - 2013-11-23 09:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-15 21:42 - 2013-11-23 09:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-15 21:42 - 2013-11-23 06:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-15 21:42 - 2013-11-23 05:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-15 21:42 - 2013-11-23 05:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-15 21:42 - 2013-11-23 05:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-15 21:42 - 2013-11-23 05:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-15 21:42 - 2013-11-23 05:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-15 21:42 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-15 21:42 - 2013-11-21 08:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-15 21:42 - 2013-11-21 08:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-15 21:42 - 2013-11-16 07:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-15 21:42 - 2013-11-15 20:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-15 21:42 - 2013-11-15 16:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-15 21:42 - 2013-11-15 16:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-15 21:42 - 2013-11-15 16:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-15 21:42 - 2013-11-15 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-15 21:42 - 2013-11-05 22:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-15 21:42 - 2013-10-31 02:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-15 21:42 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-15 03:18 - 2014-02-15 03:18 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-02-15 03:13 - 2014-02-20 19:48 - 00000000 ____D () C:\GamesCampus
2014-02-15 03:09 - 2014-02-15 03:09 - 00000537 _____ () C:\console.log
2014-02-15 03:08 - 2014-02-15 03:08 - 02496040 _____ () C:\Users\Aviv.A\Downloads\Drift_City_Downloader.exe
2014-02-15 02:49 - 2014-03-01 14:58 - 00000000 ____D () C:\Users\Aviv.A\Desktop\bleepCity_Collection
2014-02-15 02:42 - 2014-02-15 02:45 - 1441295176 _____ () C:\Users\Aviv.A\Downloads\DriftCity_Setup_20120404.zip
2014-02-15 02:31 - 2014-02-15 02:31 - 01257464 _____ () C:\Users\Aviv.A\Downloads\nhack_lite_v3.8.rar
2014-02-15 02:11 - 2014-02-15 02:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 13:46 - 2014-02-13 13:46 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Game.of.Thrones.HeBits-Ice.and.Fire.A.Foreshadowing.HDTV.XviD.HeBits-EVO
2014-02-12 14:47 - 2014-02-06 14:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 14:47 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 14:47 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 14:47 - 2014-02-06 13:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 14:47 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 14:47 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 14:47 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 14:47 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 14:47 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 14:47 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 14:47 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 14:47 - 2014-02-06 12:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 14:47 - 2014-02-06 12:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 14:47 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 14:47 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 14:47 - 2014-02-06 12:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 14:47 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 14:47 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 14:47 - 2014-02-06 11:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 14:47 - 2014-02-06 11:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 14:47 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 14:47 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 14:47 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 14:47 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 14:47 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 14:47 - 2014-02-06 11:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 14:47 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 14:47 - 2014-02-06 11:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 14:47 - 2014-02-06 11:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 14:47 - 2014-02-06 11:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 14:47 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 14:47 - 2014-02-06 11:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 14:47 - 2014-02-06 10:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 14:47 - 2014-02-06 10:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 14:47 - 2014-02-06 10:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 14:47 - 2014-02-06 10:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 14:47 - 2014-02-06 10:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 14:47 - 2014-01-07 07:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 14:47 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 14:47 - 2014-01-04 22:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 14:47 - 2014-01-04 21:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 14:47 - 2014-01-04 16:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 14:47 - 2014-01-04 16:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 14:47 - 2014-01-04 15:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 14:47 - 2014-01-04 15:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 14:47 - 2014-01-04 15:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 14:47 - 2014-01-04 15:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 14:47 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 14:47 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 14:47 - 2013-12-20 12:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 14:47 - 2013-12-20 08:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 14:47 - 2013-12-09 04:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 14:47 - 2013-12-09 03:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 14:47 - 2013-12-09 02:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 14:47 - 2013-12-09 02:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 14:47 - 2013-12-09 01:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 14:47 - 2013-12-09 01:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 14:47 - 2013-11-21 08:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 14:47 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 14:46 - 2014-01-09 10:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 14:46 - 2014-01-09 09:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 14:46 - 2014-01-09 09:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 14:46 - 2014-01-09 09:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 14:46 - 2014-01-09 09:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 14:46 - 2014-01-09 09:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 14:46 - 2014-01-09 09:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 14:46 - 2014-01-09 09:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 14:46 - 2014-01-09 09:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 14:46 - 2014-01-09 09:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-12 14:46 - 2014-01-07 09:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 14:46 - 2014-01-07 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-08 14:41 - 2014-02-08 14:52 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Breaking.Bad.S05.720p.HDTV.x264-Pack
2014-02-06 00:24 - 2014-02-06 00:36 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Breaking.Bad.S04.720p.HDTV.x264-TL
2014-02-05 20:31 - 2014-02-05 20:31 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Blizzard
2014-02-05 20:18 - 2014-02-05 20:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-02-05 20:16 - 2014-02-07 02:23 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Battle.net
2014-02-05 20:16 - 2014-02-05 20:31 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Battle.net
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Blizzard Entertainment
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-05 20:15 - 2014-02-05 20:15 - 05971136 _____ (Blizzard Entertainment) C:\Users\Aviv.A\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-02-05 20:15 - 2014-02-05 20:15 - 00000000 ____D () C:\ProgramData\Battle.net
2014-02-03 19:15 - 2014-02-03 19:15 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Enders.Game.2013.1080p.BluRay.DTS.x264-PublicHD
2014-02-02 16:19 - 2014-02-02 16:20 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Thor.The.Dark.World.2013.720p.WEB-DL.H264-WEBiOS
2014-01-30 19:57 - 2014-01-30 19:58 - 1172906811 _____ () C:\Users\Aviv.A\Downloads\Breaking.Bad.S01E01.720p.HDTV.x264-BiA.mkv

==================== One Month Modified Files and Folders =======

2014-03-02 00:50 - 2014-02-26 00:34 - 00000000 ____D () C:\Program Files (x86)\PixtopianBook
2014-03-02 00:50 - 2013-12-06 11:29 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Rainmeter
2014-03-02 00:50 - 2013-09-04 11:32 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-02 00:50 - 2013-04-15 20:03 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\uTorrent
2014-03-02 00:50 - 2013-04-15 17:46 - 00000000 ___RD () C:\Users\Aviv.A\Desktop\Games
2014-03-02 00:49 - 2014-03-01 13:11 - 00000000 ____D () C:\Users\Aviv.A\Downloads\backups
2014-03-02 00:40 - 2013-11-02 15:43 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Notepad++
2014-03-02 00:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-03-02 00:40 - 2013-04-15 16:42 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Skype
2014-03-02 00:39 - 2014-02-19 16:11 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-03-02 00:39 - 2013-04-15 18:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-02 00:37 - 2014-03-02 00:37 - 00000000 _____ () C:\Recovery.txt
2014-03-01 16:28 - 2014-03-01 16:28 - 00016609 _____ () C:\Users\Aviv.A\Downloads\FRST.txt
2014-03-01 16:28 - 2014-03-01 16:28 - 00000000 ____D () C:\FRST
2014-03-01 16:27 - 2014-03-01 16:27 - 02155520 _____ (Farbar) C:\Users\Aviv.A\Downloads\FRST64.exe
2014-03-01 16:23 - 2014-02-15 22:09 - 01169373 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-01 16:16 - 2013-04-15 17:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-01 16:01 - 2013-04-15 16:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4193273495-71706258-2120174863-1001
2014-03-01 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-01 15:56 - 2013-11-08 16:02 - 00000000 __RDO () C:\Users\Aviv.A\SkyDrive
2014-03-01 15:55 - 2013-11-08 15:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-01 15:55 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-01 15:55 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-01 15:53 - 2013-04-15 16:01 - 00000000 ___RD () C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 15:12 - 2014-03-01 15:12 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Malwarebytes
2014-03-01 15:12 - 2014-03-01 15:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 15:11 - 2014-03-01 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 15:10 - 2014-03-01 15:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aviv.A\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-01 15:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-01 14:58 - 2014-02-15 02:49 - 00000000 ____D () C:\Users\Aviv.A\Desktop\bleepCity_Collection
2014-03-01 14:57 - 2014-03-01 13:04 - 00009688 _____ () C:\Users\Aviv.A\Downloads\hijackthis.log
2014-03-01 14:57 - 2013-04-15 16:01 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\VirtualStore
2014-03-01 14:52 - 2013-11-08 15:45 - 00000000 ____D () C:\Users\Aviv.A
2014-03-01 12:53 - 2013-09-04 11:32 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\PMB Files
2014-02-28 23:33 - 2014-02-28 23:33 - 02929127 _____ () C:\Users\Aviv.A\Downloads\Angel Processor v145.2.1_mpgh.net.rar
2014-02-28 13:03 - 2014-02-27 00:58 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-28 12:56 - 2006-02-25 09:35 - 00001919 ____H () C:\Users\Aviv.A\AppData\Roaming\Aviv.Alog.dat
2014-02-28 10:46 - 2013-04-17 12:03 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Adobe
2014-02-27 00:56 - 2014-02-27 00:56 - 02720895 _____ () C:\Users\Aviv.A\Downloads\processhacker-2.33-bin.zip
2014-02-27 00:56 - 2014-02-27 00:56 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Process Hacker 2
2014-02-26 23:59 - 2014-02-26 23:59 - 01243588 _____ () C:\Users\Aviv.A\Downloads\ProcessExplorer(1).zip
2014-02-25 15:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-25 13:24 - 2014-02-25 13:24 - 02001053 _____ () C:\Users\Aviv.A\Downloads\odbg201h.zip
2014-02-24 15:53 - 2014-02-24 15:53 - 06965278 _____ () C:\Users\Aviv.A\Downloads\odbg201.zip
2014-02-23 20:29 - 2014-02-23 20:29 - 07190388 _____ () C:\Users\Aviv.A\Downloads\GG bypass.7z
2014-02-23 19:33 - 2014-02-23 19:33 - 07214107 _____ () C:\Users\Aviv.A\Downloads\a(2).zip
2014-02-23 18:47 - 2014-02-23 18:44 - 146044502 _____ () C:\Users\Aviv.A\Downloads\snd-reversingwithlena-tutorials.rar
2014-02-23 13:13 - 2014-02-23 13:13 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-02-23 13:11 - 2014-02-23 13:11 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\JustDecompile
2014-02-23 13:10 - 2014-02-23 13:10 - 00000000 ____D () C:\ProgramData\Telerik
2014-02-23 13:10 - 2014-02-23 13:10 - 00000000 ____D () C:\Program Files (x86)\Telerik
2014-02-23 13:08 - 2014-02-23 13:08 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Telerik
2014-02-23 13:08 - 2014-02-23 13:08 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Telerik_AD
2014-02-23 13:08 - 2014-02-23 13:08 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\IsolatedStorage
2014-02-23 13:07 - 2014-02-23 13:07 - 03363056 _____ (Telerik AD) C:\Users\Aviv.A\Downloads\TelerikJustDecompileSetup_2014.1.117.0.exe
2014-02-23 13:06 - 2014-02-23 13:06 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Red Gate .NET Reflector 8.2.0.7
2014-02-23 13:03 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\JetBrains
2014-02-23 13:02 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\SymbolSourceSymbols
2014-02-23 13:02 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\RefSrcSymbols
2014-02-23 13:02 - 2014-02-23 13:02 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\JetBrains
2014-02-23 13:01 - 2014-02-23 13:01 - 29220864 _____ () C:\Users\Aviv.A\Downloads\dotPeekSetup-1.1.1.33.msi
2014-02-23 02:44 - 2014-02-23 02:44 - 06346233 _____ () C:\Users\Aviv.A\Downloads\hsh2hs.7z
2014-02-23 02:38 - 2014-02-23 02:38 - 00198944 _____ () C:\Users\Aviv.A\Downloads\Velociraptor.7z
2014-02-23 02:17 - 2014-02-23 02:17 - 00087175 _____ () C:\Users\Aviv.A\Downloads\Extreme-Injector.rar
2014-02-23 01:07 - 2014-02-23 01:07 - 00221457 _____ () C:\Users\Aviv.A\Downloads\nProtect.gameguard.Unhider.rar
2014-02-23 01:06 - 2014-02-23 01:06 - 00766071 _____ () C:\Users\Aviv.A\Downloads\TotalInjector_1.7.rar
2014-02-22 23:18 - 2013-04-15 18:08 - 00000000 ____D () C:\ProgramData\Origin
2014-02-22 23:17 - 2013-04-15 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-22 21:03 - 2013-09-25 17:59 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Spotify
2014-02-22 18:14 - 2013-11-08 16:07 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA27D860-8ECC-4223-B10B-E4FB44B087E8}
2014-02-20 21:16 - 2013-04-15 17:38 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 19:49 - 2014-02-20 19:49 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drift City
2014-02-20 19:48 - 2014-02-15 03:13 - 00000000 ____D () C:\GamesCampus
2014-02-20 15:24 - 2013-04-25 19:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-19 16:21 - 2014-02-19 16:21 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Need for Speed World
2014-02-19 16:11 - 2013-04-24 22:23 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Electronic_Arts_Inc
2014-02-19 16:10 - 2014-02-19 16:10 - 06400680 _____ (Electronic Arts ) C:\Users\Aviv.A\Downloads\setup_nfsw.exe
2014-02-17 23:23 - 2013-09-30 06:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-17 23:00 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:00 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 21:53 - 2014-02-17 21:53 - 00111235 _____ () C:\Users\Aviv.A\Downloads\Defeating and Emulating INCA's nProtect GameGuard_[www.unknowncheats.me]_.rar
2014-02-17 20:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 14:00 - 2013-04-15 16:01 - 00000000 ___RD () C:\Users\Aviv.A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 13:54 - 2014-02-16 13:31 - 05019048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-17 13:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 13:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 13:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-17 00:36 - 2013-09-18 20:46 - 00000000 ____D () C:\Users\Aviv.A\Documents\MK-LOL
2014-02-16 19:47 - 2014-02-16 19:47 - 00000000 ____D () C:\Program Files\DRK
2014-02-16 19:42 - 2014-02-16 19:42 - 07419904 _____ () C:\Users\Aviv.A\Downloads\Daphne_setup_x64.msi
2014-02-16 19:36 - 2014-02-16 19:36 - 01243588 _____ () C:\Users\Aviv.A\Downloads\ProcessExplorer.zip
2014-02-15 22:25 - 2013-07-24 08:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-15 22:22 - 2013-04-15 16:16 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-15 22:08 - 2013-04-15 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 03:19 - 2013-04-16 16:47 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\NPLUTO Corporation
2014-02-15 03:18 - 2014-02-15 03:18 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-02-15 03:09 - 2014-02-15 03:09 - 00000537 _____ () C:\console.log
2014-02-15 03:08 - 2014-02-15 03:08 - 02496040 _____ () C:\Users\Aviv.A\Downloads\Drift_City_Downloader.exe
2014-02-15 02:45 - 2014-02-15 02:42 - 1441295176 _____ () C:\Users\Aviv.A\Downloads\DriftCity_Setup_20120404.zip
2014-02-15 02:31 - 2014-02-15 02:31 - 01257464 _____ () C:\Users\Aviv.A\Downloads\nhack_lite_v3.8.rar
2014-02-15 02:11 - 2014-02-15 02:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 13:46 - 2014-02-13 13:46 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Game.of.Thrones.HeBits-Ice.and.Fire.A.Foreshadowing.HDTV.XviD.HeBits-EVO
2014-02-13 01:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 01:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 01:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-08 14:52 - 2014-02-08 14:41 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Breaking.Bad.S05.720p.HDTV.x264-Pack
2014-02-07 02:23 - 2014-02-05 20:16 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Battle.net
2014-02-06 14:16 - 2014-02-12 14:47 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 13:30 - 2014-02-12 14:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 13:30 - 2014-02-12 14:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 13:12 - 2014-02-12 14:47 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 13:07 - 2014-02-12 14:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 13:06 - 2014-02-12 14:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 12:57 - 2014-02-12 14:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 12:56 - 2014-02-12 14:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 12:49 - 2014-02-12 14:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 12:48 - 2014-02-12 14:47 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 12:48 - 2014-02-12 14:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 12:38 - 2014-02-12 14:47 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 12:32 - 2014-02-12 14:47 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 12:20 - 2014-02-12 14:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 12:17 - 2014-02-12 14:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 12:11 - 2014-02-12 14:47 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 12:01 - 2014-02-12 14:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 12:00 - 2014-02-12 14:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 14:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 11:57 - 2014-02-12 14:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 11:52 - 2014-02-12 14:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 11:52 - 2014-02-12 14:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 11:50 - 2014-02-12 14:47 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 11:47 - 2014-02-12 14:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 11:46 - 2014-02-12 14:47 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 11:25 - 2014-02-12 14:47 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 11:25 - 2014-02-12 14:47 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 11:24 - 2014-02-12 14:47 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 11:22 - 2014-02-12 14:47 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 11:13 - 2014-02-12 14:47 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 11:09 - 2014-02-12 14:47 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 11:03 - 2014-02-12 14:47 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 10:55 - 2014-02-12 14:47 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 10:41 - 2014-02-12 14:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 10:40 - 2014-02-12 14:47 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 10:36 - 2014-02-12 14:47 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 10:34 - 2014-02-12 14:47 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-06 00:36 - 2014-02-06 00:24 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Breaking.Bad.S04.720p.HDTV.x264-TL
2014-02-05 20:31 - 2014-02-05 20:31 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Blizzard
2014-02-05 20:31 - 2014-02-05 20:18 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-02-05 20:31 - 2014-02-05 20:16 - 00000000 ____D () C:\Users\Aviv.A\AppData\Roaming\Battle.net
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\Users\Aviv.A\AppData\Local\Blizzard Entertainment
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-05 20:15 - 2014-02-05 20:15 - 05971136 _____ (Blizzard Entertainment) C:\Users\Aviv.A\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-02-05 20:15 - 2014-02-05 20:15 - 00000000 ____D () C:\ProgramData\Battle.net
2014-02-04 12:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-03 22:41 - 2014-02-20 19:55 - 05161056 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2014-02-03 19:15 - 2014-02-03 19:15 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Enders.Game.2013.1080p.BluRay.DTS.x264-PublicHD
2014-02-02 16:20 - 2014-02-02 16:19 - 00000000 ____D () C:\Users\Aviv.A\Downloads\Thor.The.Dark.World.2013.720p.WEB-DL.H264-WEBiOS
2014-01-30 19:58 - 2014-01-30 19:57 - 1172906811 _____ () C:\Users\Aviv.A\Downloads\Breaking.Bad.S01E01.720p.HDTV.x264-BiA.mkv

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 01:02

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
Ran by Aviv.A at 2014-03-01 16:29:09
Running from C:\Users\Aviv.A\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

快用苹果助手 2.1.1.1 (HKLM-x32\...\{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1) (Version: 2.1.1.1 - 北京悠然天地科技有限公司)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ad Muncher v4.93.33707 (HKLM-x32\...\Ad Muncher) (Version:  - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.1.603578 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed III 1.01 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Interactive Limited)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.64.1073 - AB Team, d.o.o.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
Daphne_x64 (HKLM\...\{0E86DAB8-B08C-4714-BEAF-EAFCAC362B96}) (Version: 1.52.0 - DRK)
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version:  - Sony Online Entertainment)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: The Stanley Parable (HKLM-x32\...\Desura_78928613998608) (Version: Full - Cakebread)
Drift City (HKLM-x32\...\DriftCity_US) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Electronic Super Joy 1.0 (HKLM-x32\...\Electronic Super Joy 1.0) (Version: 1.0 - Cat-A-Cat)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.2.2022 - OpenSight Software LLC)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Half-Life 2 (HKCU\...\Half-Life 2) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version:  - Turbine, Inc)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java(TM) 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000F0}) (Version: 7.0.0 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.2.2 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Minecraft1.6.1 (HKLM-x32\...\Minecraft1.6.1) (Version:  - )
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
MKLOL (HKCU\...\MKLOL) (Version:  - )
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MySQL Server 5.5 (HKLM-x32\...\{20381839-62AB-4689-8FF2-24C4C3E18B08}) (Version: 5.5.23 - Oracle Corporation)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PP助手 PC版 1.1.1.8 (HKLM-x32\...\PP助手 PC版) (Version: 1.1.1.8 - ¹דײּתָֻֽרֲח¿ֶ¼¼׃׀ֿ¹«ֻ¾)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2187 - )
Remember Me (HKLM-x32\...\Remember Me_is1) (Version: 1.0.1 - Capcom)
Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slender The Arrival version 1.2 (HKLM-x32\...\{66319C86-7A19-48C9-8FD8-FC73E7D000BA}_is1) (Version: 1.2 - Parsec Production)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1629.0 - Hi-Rez Studios)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.9.4.169.gc0399df6 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
Telerik JustDecompile 2014 (HKLM-x32\...\{6916A1CF-0E3B-4229-BFD1-EFCC729DCD1F}) (Version: 14.1.117.0 - Telerik AD)
The Walking Dead (HKLM-x32\...\The Walking Dead) (Version: 1.0.0.15 - Telltale Games)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TransMac version 10.4 (HKLM-x32\...\TransMac_is1) (Version: 10.4 - Acute Systems)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WTFast 2.13 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version:  - Initex & AAA Internet Publishing)
Zend Server (HKLM-x32\...\InstallShield_{E2DCFE34-75BA-452C-8F5C-07EECD2DE9E2}) (Version: 6.1.0.72355 - Zend Technologies)
Zend Server (x32 Version: 6.1.0.72355 - Zend Technologies) Hidden

==================== Restore Points  =========================

12-02-2014 13:01:55 Windows Update
15-02-2014 20:21:26 Windows Update
21-02-2014 11:38:50 Windows Update
23-02-2014 11:13:11 Removed Telerik JustDecompile 2014

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D711D35-0223-4FD0-9381-23D5A818DB5A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {50D0DE8E-101C-4694-AC9E-3C9B26833A91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {655C2B50-1D75-4A42-B9E9-C521EDD9D754} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B27F673C-401F-4E32-8496-BC0F30CD32E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-15] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EBE5557A-D723-4231-8376-8B3CD022A4ED} - System32\Tasks\AdobeAAMUpdater-1.0-Aviv_Amar-Aviv.A => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-08 15:42 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-10 19:37 - 2013-10-10 19:37 - 00312747 _____ () C:\Program Files\DRK\Daphne_x64\libintl-8.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-10 18:51 - 2013-11-10 18:51 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2013-11-10 18:51 - 2013-11-10 18:51 - 00804536 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-11-10 18:49 - 2013-11-10 18:49 - 00058880 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2013-11-10 18:47 - 2013-11-10 18:47 - 00017408 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.dll
2013-11-10 18:49 - 2013-11-10 18:49 - 00014336 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.dll
2013-11-10 18:49 - 2013-11-10 18:49 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-25 16:56 - 2012-11-25 16:56 - 00069552 _____ () C:\Program Files (x86)\Zend\ZendServer\bin\zlib1.dll
2012-11-25 17:13 - 2012-11-25 17:13 - 00169904 _____ () C:\Program Files (x86)\Zend\ZendServer\bin\libmcrypt.dll
2012-11-25 17:33 - 2012-11-25 17:33 - 00203184 _____ () C:\Program Files (x86)\Zend\ZendServer\bin\libtidy.dll
2013-07-03 13:50 - 2013-07-03 13:50 - 00091048 _____ () C:\Program Files (x86)\Zend\ZendServer\bin\zip.dll
2014-02-15 02:11 - 2014-02-15 02:11 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Aviv.A\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2014 03:55:30 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .

Error: (03/01/2014 03:55:30 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> [Sat Mar 01 15:55:30 2014] [notice] Disabled use of AcceptEx() WinSock2 API     .

Error: (03/01/2014 03:00:00 PM) (Source: ESENT) (User: )
Description: svchost (1660) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0096A.log.

Error: (03/01/2014 02:52:51 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .

Error: (03/01/2014 02:52:49 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> [Sat Mar 01 14:52:49 2014] [notice] Disabled use of AcceptEx() WinSock2 API     .

Error: (03/01/2014 02:35:57 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .

Error: (03/01/2014 02:35:56 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> [Sat Mar 01 14:35:56 2014] [notice] Disabled use of AcceptEx() WinSock2 API     .

Error: (03/01/2014 01:51:21 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .

Error: (03/01/2014 01:51:20 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> [Sat Mar 01 13:51:20 2014] [notice] Disabled use of AcceptEx() WinSock2 API     .

Error: (03/01/2014 01:45:54 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .


System errors:
=============
Error: (03/01/2014 03:57:51 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (03/01/2014 03:57:51 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/01/2014 03:54:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2014 02:55:13 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (03/01/2014 02:55:13 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/01/2014 02:54:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2014 02:52:18 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (03/01/2014 01:53:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2014 01:53:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/01/2014 01:52:20 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068


Microsoft Office Sessions:
=========================
Error: (03/01/2014 03:55:30 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName

Error: (03/01/2014 03:55:30 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>[Sat Mar 01 15:55:30 2014] [notice] Disabled use of AcceptEx() WinSock2 API

Error: (03/01/2014 03:00:00 PM) (Source: ESENT)(User: )
Description: svchost1660SRUJet: C:\WINDOWS\system32\SRU\SRU0096A.log-1811 (0xfffff8ed)

Error: (03/01/2014 02:52:51 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName

Error: (03/01/2014 02:52:49 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>[Sat Mar 01 14:52:49 2014] [notice] Disabled use of AcceptEx() WinSock2 API

Error: (03/01/2014 02:35:57 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName

Error: (03/01/2014 02:35:56 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>[Sat Mar 01 14:35:56 2014] [notice] Disabled use of AcceptEx() WinSock2 API

Error: (03/01/2014 01:51:21 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName

Error: (03/01/2014 01:51:20 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>[Sat Mar 01 13:51:20 2014] [notice] Disabled use of AcceptEx() WinSock2 API

Error: (03/01/2014 01:45:54 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 4045.07 MB
Available physical RAM: 2140.34 MB
Total Pagefile: 5645.07 MB
Available Pagefile: 2815.01 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:550.05 GB) (Free:12.56 GB) NTFS
Drive d: () (Fixed) (Total:381.12 GB) (Free:284.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 606FFE47)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=550 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=381 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks for replying, again :D



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 01 March 2014 - 10:16 AM

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#5 Aviv.A

  • Topic Starter
  • Members
  • 4 posts

Posted 01 March 2014 - 10:55 AM

Ok, it found something, but that "something" that was found is actually a DLL injector that was downloaded weeks ago. It has been confirmed as no-harm by like 10k users, so I don't think it was this one. Anyway, here are the log files:

mbar-log-2014-03-01 (17-37-24) :

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.01.03

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Aviv.A :: AVIV_AMAR [administrator]

01/03/2014 17:37:24
mbar-log-2014-03-01 (17-37-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 276781
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Aviv.A\Desktop\Games\DCRivaHack\Extreme Injector v2.exe (HackTool.Agent.DC) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log :

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 4241567744, free: 2037964800

Downloaded database version: v2014.03.01.03
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 606FFE47

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 1153536000

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1154254848  Numsec = 799266816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Aviv.A\Desktop\Games\DCRivaHack\Extreme Injector v2.exe --> [HackTool.Agent.DC]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#6 Aviv.A

  • Topic Starter
  • Members
  • 4 posts

Posted 02 March 2014 - 02:43 PM

The problem is now fixed. Apparently I had a problem with my router, and 1-2 days after, the problem should be gone. I am now seeing a lot less lag and fewer disconnects, so it wasn't a virus.

Thanks for helping anyway @aharonov, I appreciate it so much. Thank you :)
